<?php
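/**
 * Login, logout and account-record persistence for site members.
 *
 * The class talks to the database through the legacy mysql_* extension and
 * relies on the connection opened elsewhere (globals $dbname / $db).
 * Every value that reaches an SQL string is escaped inside this class, so the
 * methods do not depend on callers having sanitised their input.
 */
class accountAccess {
	var $htmlString;

	/**
	 * Internal: read one POST field, returning '' when it is missing or is
	 * not a scalar (e.g. an array submitted as field[]=x).
	 *
	 * @param string $key POST field name
	 * @return string|int|float|bool the submitted value, or ''
	 */
	function _post($key) {
		if (!isset($_POST[$key]) || !is_scalar($_POST[$key])) {
			return '';
		}
		return $_POST[$key];
	}

	/**
	 * Internal: escape a value for use inside a quoted SQL string literal.
	 * Only called on the database path, after validation has passed.
	 *
	 * @param mixed $value raw value
	 * @return string escaped value
	 */
	function _esc($value) {
		return mysql_real_escape_string((string) $value);
	}

	/**
	 * Look up a member by e-mail address and, if found, populate the session
	 * (fullName, email, logged, memberID).
	 *
	 * NOTE(review): the lookup uses the e-mail address alone; no password or
	 * other secret is checked in this method. Anyone who can reach a caller
	 * with an arbitrary address is logged in as that member. Confirm that
	 * callers verify ownership of the address first.
	 *
	 * @param string $email raw (unescaped) e-mail address
	 * @return bool true when a matching member exists, false otherwise
	 */
	function checkLogin($email) {
		global $dbname, $db, $db_selected;

		if (empty($email) || !is_scalar($email)) {
			return false;
		}

		// The parameter was previously interpolated as-is, so a quote in the
		// address could change the query. Escape it here, at the point of use.
		$emailSql = $this->_esc($email);
		$sql = "SELECT MemberID,FirstName,LastName from cdc_ContactClientDemographics WHERE Email1 = '$emailSql'";
		$result = mysql_db_query($dbname,$sql);
		if (!$result) {
			// Query failed: treat as "not logged in" rather than fetching from false.
			return false;
		}

		$data = mysql_fetch_assoc($result);
		if (!$data) {
			return false;
		}

		// Issue a fresh session id on login so an id known before
		// authentication does not carry over to the logged-in session.
		if (session_id() !== '' && !headers_sent()) {
			session_regenerate_id();
		}

		$_SESSION['fullName'] = $data['FirstName'].' '.$data['LastName'];
		$_SESSION['email']    = $email;
		$_SESSION['logged']   = 1;
		$_SESSION['memberID'] = $data['MemberID'];

		return true;
	}

	/**
	 * Clear the session, expire the session cookie and send a redirect
	 * header to index.php.
	 *
	 * The method returns after sending the header; the caller is responsible
	 * for not emitting further output.
	 */
	function logout() {
		$_SESSION = array();
		if (isset($_COOKIE[session_name()])) {
			// A cookie is only removed when path/domain match the ones it was
			// set with, so take them from the session configuration.
			$params = session_get_cookie_params();
			setcookie(session_name(), '', time()-42000, $params['path'], $params['domain'], $params['secure']);
		}
		if (session_id() !== '') {
			session_destroy();
		}
		header('Location: index.php');
	}

	/**
	 * Placeholder; currently does nothing.
	 *
	 * @param int $step step number (unused)
	 */
	function accountCreate($step=1) {

	}

	/**
	 * Validate the posted account form, insert or update the member record,
	 * optionally register the member for an event or library item, record a
	 * contact entry, and send a redirect header to accountHome.php.
	 *
	 * NOTE(review): memberID is taken from the request and nothing visible
	 * here ties it to $_SESSION['memberID'], so the UPDATE targets whichever
	 * row the client names. Confirm the caller enforces ownership, or compare
	 * against the session before writing.
	 *
	 * @return string|null "1|<message>" when validation or the member write
	 *                     fails; null after the redirect header has been sent
	 */
	function saveAccountInformation() {
		global $dbname, $db, $db_selected;

		$nameFirst    = fieldToDB($this->_post('nameFirst'));
		$nameLast     = fieldToDB($this->_post('nameLast'));
		$address      = fieldToDB($this->_post('address'));
		$city         = fieldToDB($this->_post('city'));
		$state        = $this->_post('state');
		$zip          = fieldToDB($this->_post('zip'));
		$email        = fieldToDB($this->_post('email'));
		$phone        = fieldToDB($this->_post('phone'));
		$iAm          = $this->_post('iAm');
		$childAgeYr   = $this->_post('childAgeYr');
		$childAgeMo   = $this->_post('childAgeMonth');
		$proTitle     = fieldToDB($this->_post('proTitle'));
		$proOrg       = fieldToDB($this->_post('proOrg'));
		$itemID       = $this->_post('itemID');
		$itemType     = $this->_post('itemType');
		$memberID     = $this->_post('memberID');
		$eventTitle   = $this->_post('eventTitle');
		$libraryTitle = $this->_post('libraryTitle');
		$orgFlag      = $this->_post('orgFlag');
		$action       = $this->_post('action');

		// MemberType is built from fixed strings only; the posted value never
		// reaches the SQL text.
		if ($iAm == 'Parent') {
			$memberType = '|Parent|||';
		} elseif ($iAm == 'Professional') {
			$memberType = '||Professional||';
		} else {
			$memberType = '||||';
		}

		$childAge = $childAgeYr.'|'.$childAgeMo;

		/*
		 * Server side validation. When several fields fail, the message of
		 * the last failing check is the one reported.
		 */
		$error = 0;
		$errorMessage = '';
		if ($action != 'newAccount') {
			if (empty($nameFirst)) {
				$error = 1;
				$errorMessage = 'You must enter your first name.';
			}
			if (empty($nameLast)) {
				$error = 1;
				$errorMessage = 'You must enter your last name.';
			}
			if (empty($address)) {
				$error = 1;
				$errorMessage = 'You must enter your mailing address.';
			}
			if (empty($city)) {
				$error = 1;
				$errorMessage = 'You must enter your city.';
			}
		}
		if (empty($email)) {
			$error = 1;
			$errorMessage = 'You must enter your email address.';
		}

		if ($error == 1) {
			// Was `$$errorMessage` (a variable-variable), which dropped the text.
			return $error.'|'.$errorMessage;
		}

		// Column name is chosen from two literals, never from the request text.
		if ($orgFlag == 'Swindells') {
			$orgField = 'OrgSwindells';
		} else {
			$orgField = 'OrgOrPTI';
		}

		// These values do not go through fieldToDB(), so escape them here
		// before they are placed in any SQL string.
		$stateSql     = $this->_esc($state);
		$childAgeSql  = $this->_esc($childAge);
		$itemIDSql    = $this->_esc($itemID);
		$orgFlagSql   = $this->_esc($orgFlag);

		$today = date('Y-m-d');
		$now   = date('Y-m-d G:i:s');

		// Needed on both the insert and the update path (event / library mails).
		$mail = new Emails();

		/*
		 * Save member information to database
		 */
		if (empty($memberID)) {
			$sql = "INSERT into cdc_ContactClientDemographics (
					FirstName,
					LastName,
					Address,
					City,
					State,
					Zip,
					Email1,
					Phone1,
					MemberType,
					RoleIDs,
					ChildAge,
					OrganizationName,
					OrganizationTitle,
					$orgField,
					DateUpdate,
					Userid
					) values (
					'$nameFirst',
					'$nameLast',
					'$address',
					'$city',
					'$stateSql',
					'$zip',
					'$email',
					'$phone',
					'$memberType',
					'|||',
					'$childAgeSql',
					'$proOrg',
					'$proTitle',
					'1',
					'$today',
					'1000'
					)";
			$result = mysql_db_query($dbname,$sql);
			if (!$result) {
				// Do not send mail or link records for a member that was not stored.
				return '1|Your account information could not be saved.';
			}
			$memberID = mysql_insert_id();

			/*
			 * Send welcome email
			 */
			$mail->sendNewAccountEmail($memberID);

			/*
			 * Log in the new user. checkLogin() escapes its own argument, so it
			 * is given the posted address rather than the fieldToDB() result.
			 * NOTE(review): assumes fieldToDB() only prepares the value for SQL;
			 * confirm it does not otherwise normalise the address.
			 */
			$this->checkLogin($this->_post('email'));
		} else {
			$memberIDSql = $this->_esc($memberID);
			$sql = "UPDATE cdc_ContactClientDemographics SET
					FirstName         = '$nameFirst',
					LastName          = '$nameLast',
					Address           = '$address',
					City              = '$city',
					State             = '$stateSql',
					Zip               = '$zip',
					Email1            = '$email',
					Phone1            = '$phone',
					MemberType        = '$memberType',
					ChildAge          = '$childAgeSql',
					OrganizationName  = '$proOrg',
					OrganizationTitle = '$proTitle',
					$orgField         = '1',
					DateUpdate        = '$today'
					WHERE
					MemberID = '$memberIDSql'";
			$result = mysql_db_query($dbname,$sql);
			if (!$result) {
				return '1|Your account information could not be saved.';
			}
		}

		$memberIDSql = $this->_esc($memberID);

		// Stays empty when the request is neither an event nor a library item.
		$contactSubject = '';

		if ($itemType == 'event') {
			$contactSubject = 'Event Registration: '.$eventTitle;
			/*
			 * Send email notification to member
			 */
			$mail->sendEventRegistrationEmail($memberID,$itemID);

			/*
			 * Link event with member
			 */
			$sql = "INSERT into cdc_linkEventMember (
					EventID,
					MemberID,
					DateRegister
					) values (
					'$itemIDSql',
					'$memberIDSql',
					'$now'
					)";
			$result = mysql_db_query($dbname,$sql);
		} elseif ($itemType == 'library') {
			/*
			 * Send email notification to user
			 */
			$mail->sendLibraryCheckoutEmail($memberID,$itemID);

			/*
			 * Link library item with member
			 */
			$sql = "INSERT into cdc_LibraryCheckOut (
					LibraryID,
					MemberID,
					NumberLent,
					DateLent
					) values (
					'$itemIDSql',
					'$memberIDSql',
					'1',
					'$today'
					)";
			$result = mysql_db_query($dbname,$sql);
			$contactSubject = 'Library Item Checkout: '.$libraryTitle;
		}
		$contactSubjectSql = $this->_esc($contactSubject);

		/*
		 * Get last Contact ID Number (IDNumber)
		 * NOTE(review): MAX()+1 is not atomic; two concurrent requests can
		 * compute the same IDNumber.
		 */
		$sql = "SELECT MAX(IDNumber) AS MaxID from cdc_Contacts WHERE OrgFlag = '$orgFlagSql'";
		$result = mysql_db_query($dbname,$sql);
		$row = $result ? mysql_fetch_assoc($result) : false;
		$maxContactID = $row ? (int) $row['MaxID'] : 0;
		$newContactID = $maxContactID+1;

		/*
		 * Link contact with member
		 */
		$sql = "INSERT into cdc_Contacts (
				IDNumber,
				DateofContact,
				SubjectLine,
				ContactTypeID,
				Status,
				Temp,
				OrgFlag,
				DateUpdate,
				UseridEntry
				) values (
				'$newContactID',
				'$now',
				'$contactSubjectSql',
				'666',
				'1',
				'0',
				'$orgFlagSql',
				'$today',
				'1000'
				)";
		$result = mysql_db_query($dbname,$sql);
		$contactID = (int) mysql_insert_id();

		$sql = "INSERT into cdc_linkContactMember (
				ContactID,
				MemberID
				) values (
				'$contactID',
				'$memberIDSql'
				)";
		$result = mysql_db_query($dbname,$sql);

		/*
		 * Redirect to account homepage. The posted action is URL-encoded so it
		 * cannot add parameters or break the header value.
		 */
		header('Location: accountHome.php?action='.urlencode($action));
	}
}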
?>